AI Trajectory


Seq Timestamp Type Name Duration
0/0 2026/06/25 01:46 flow patch-triage
1m Args:
null

Results:
{
  "EnableConfigs": [
    "KVM",
    "SUSPEND",
    "CPU_IDLE"
  ],
  "FocusSymbols": [
    "kvm_riscv_aia_enable",
    "kvm_riscv_aia_disable",
    "kvm_riscv_cpu_pm_notifier"
  ],
  "Reasoning": "The patch modifies the RISC-V KVM AIA (Advanced Interrupt Architecture) support to handle CPU non-retention idle states. It introduces a CPU PM notifier that calls `kvm_riscv_aia_enable` and `kvm_riscv_aia_disable` with a new `full_cleanup` boolean parameter. This is functional core kernel logic that is reachable during CPU power management events and KVM initialization/teardown.",
  "WorthFuzzing": true
}

1/1 2026/06/25 01:46 action read-patch-diff
0m Args:
null

Results:
{
  "PatchDiff": "commit c67548153deee80323a325eb2587c3abf2e69ee9\nAuthor: syz-cluster \u003ctriage@syzkaller.com\u003e\nDate:   Thu Jun 25 01:46:43 2026 +0000\n\n    syz-cluster: applied patch under review\n\ndiff --git a/arch/riscv/include/asm/kvm_aia.h b/arch/riscv/include/asm/kvm_aia.h\nindex c67ec5ac0a146b..7c1c3250598fb0 100644\n--- a/arch/riscv/include/asm/kvm_aia.h\n+++ b/arch/riscv/include/asm/kvm_aia.h\n@@ -165,8 +165,19 @@ int kvm_riscv_aia_alloc_hgei(int cpu, struct kvm_vcpu *owner,\n \t\t\t     void __iomem **hgei_va, phys_addr_t *hgei_pa);\n void kvm_riscv_aia_free_hgei(int cpu, int hgei);\n \n-void kvm_riscv_aia_enable(void);\n-void kvm_riscv_aia_disable(void);\n+/**\n+ * kvm_riscv_aia_enable() - Enable AIA support on current CPU\n+ * @full_cleanup: true = full hardware init (CPU hotplug/module load),\n+ *                false = lightweight CSR restore (CPU non-retention idle resume)\n+ */\n+void kvm_riscv_aia_enable(bool full_cleanup);\n+\n+/**\n+ * kvm_riscv_aia_disable() - Disable AIA support on current CPU\n+ * @full_cleanup: true = full hardware cleanup (CPU hotplug/module exit),\n+ *                false = lightweight CSR save (CPU non-retention idle entry)\n+ */\n+void kvm_riscv_aia_disable(bool full_cleanup);\n int kvm_riscv_aia_init(void);\n void kvm_riscv_aia_exit(void);\n \ndiff --git a/arch/riscv/kvm/aia.c b/arch/riscv/kvm/aia.c\nindex bafb009c5ce559..82812493ac684a 100644\n--- a/arch/riscv/kvm/aia.c\n+++ b/arch/riscv/kvm/aia.c\n@@ -532,50 +532,61 @@ static void aia_hgei_exit(void)\n \tfree_percpu_irq(hgei_parent_irq, \u0026aia_hgei);\n }\n \n-void kvm_riscv_aia_enable(void)\n+void kvm_riscv_aia_enable(bool full_cleanup)\n {\n-\tconst struct imsic_global_config *gc;\n-\tconst struct imsic_local_config *lc;\n \tstruct aia_hgei_control *hgctrl;\n \tunsigned long flags;\n-\tint aia_nr_hgei;\n \n \tif (!kvm_riscv_aia_available())\n \t\treturn;\n \n-\tgc = imsic_get_global_config();\n-\tlc = (gc) ? 
this_cpu_ptr(gc-\u003elocal) : NULL;\n \thgctrl = this_cpu_ptr(\u0026aia_hgei);\n \n-\t/* Figure-out number of bits in HGEIE */\n-\tcsr_write(CSR_HGEIE, -1UL);\n-\thgctrl-\u003enr_hgei = fls_long(csr_read(CSR_HGEIE));\n-\tcsr_write(CSR_HGEIE, 0);\n-\tif (hgctrl-\u003enr_hgei)\n-\t\thgctrl-\u003enr_hgei--;\n+\tif (full_cleanup) {\n+\t\tconst struct imsic_global_config *gc;\n+\t\tconst struct imsic_local_config *lc;\n+\t\tint aia_nr_hgei;\n \n-\t/*\n-\t * Number of usable per-HART HGEI lines should be minimum of\n-\t * per-HART IMSIC guest files and number of bits in HGEIE.\n-\t */\n-\tif (lc)\n-\t\thgctrl-\u003enr_hgei = min((ulong)hgctrl-\u003enr_hgei, lc-\u003enr_guest_files);\n-\telse\n-\t\thgctrl-\u003enr_hgei = 0;\n+\t\tgc = imsic_get_global_config();\n+\t\tlc = (gc) ? this_cpu_ptr(gc-\u003elocal) : NULL;\n \n-\t/* Update the number of IMSIC guest files across all HARTs */\n-\taia_nr_hgei = atomic_read(\u0026kvm_riscv_aia_nr_hgei);\n-\tdo {\n-\t\tif (aia_nr_hgei \u003c= hgctrl-\u003enr_hgei)\n-\t\t\tbreak;\n-\t} while (!atomic_try_cmpxchg(\u0026kvm_riscv_aia_nr_hgei, \u0026aia_nr_hgei, hgctrl-\u003enr_hgei));\n+\t\t/* Figure-out number of bits in HGEIE */\n+\t\tcsr_write(CSR_HGEIE, -1UL);\n+\t\thgctrl-\u003enr_hgei = fls_long(csr_read(CSR_HGEIE));\n+\t\tcsr_write(CSR_HGEIE, 0);\n+\t\tif (hgctrl-\u003enr_hgei)\n+\t\t\thgctrl-\u003enr_hgei--;\n \n-\traw_spin_lock_irqsave(\u0026hgctrl-\u003elock, flags);\n-\tif (!hgctrl-\u003efree_bitmap_initialized) {\n-\t\thgctrl-\u003efree_bitmap = (hgctrl-\u003enr_hgei) ? 
GENMASK_ULL(hgctrl-\u003enr_hgei, 1) : 0;\n-\t\thgctrl-\u003efree_bitmap_initialized = true;\n+\t\t/*\n+\t\t * Number of usable per-HART HGEI lines should be minimum of\n+\t\t * per-HART IMSIC guest files and number of bits in HGEIE.\n+\t\t */\n+\t\tif (lc)\n+\t\t\thgctrl-\u003enr_hgei = min((ulong)hgctrl-\u003enr_hgei, lc-\u003enr_guest_files);\n+\t\telse\n+\t\t\thgctrl-\u003enr_hgei = 0;\n+\n+\t\t/* Update the number of IMSIC guest files across all HARTs */\n+\t\taia_nr_hgei = atomic_read(\u0026kvm_riscv_aia_nr_hgei);\n+\t\tdo {\n+\t\t\tif (aia_nr_hgei \u003c= hgctrl-\u003enr_hgei)\n+\t\t\t\tbreak;\n+\t\t} while (!atomic_try_cmpxchg(\u0026kvm_riscv_aia_nr_hgei, \u0026aia_nr_hgei,\n+\t\t\t\t\t     hgctrl-\u003enr_hgei));\n+\n+\t\traw_spin_lock_irqsave(\u0026hgctrl-\u003elock, flags);\n+\t\tif (!hgctrl-\u003efree_bitmap_initialized) {\n+\t\t\thgctrl-\u003efree_bitmap = (hgctrl-\u003enr_hgei) ?\n+\t\t\t\t\t      GENMASK_ULL(hgctrl-\u003enr_hgei, 1) :\n+\t\t\t\t\t      0;\n+\t\t\thgctrl-\u003efree_bitmap_initialized = true;\n+\t\t}\n+\t\traw_spin_unlock_irqrestore(\u0026hgctrl-\u003elock, flags);\n+\t} else {\n+\t\traw_spin_lock_irqsave(\u0026hgctrl-\u003elock, flags);\n+\t\tcsr_write(CSR_HGEIE, ~hgctrl-\u003efree_bitmap);\n+\t\traw_spin_unlock_irqrestore(\u0026hgctrl-\u003elock, flags);\n \t}\n-\traw_spin_unlock_irqrestore(\u0026hgctrl-\u003elock, flags);\n \n \tcsr_write(CSR_HVICTL, aia_hvictl_value(false));\n \tcsr_write(CSR_HVIPRIO1, 0x0);\n@@ -587,65 +598,73 @@ void kvm_riscv_aia_enable(void)\n \tcsr_write(CSR_HVIPRIO2H, 0x0);\n #endif\n \n-\t/* Enable per-CPU SGEI interrupt */\n-\tenable_percpu_irq(hgei_parent_irq,\n-\t\t\t  irq_get_trigger_type(hgei_parent_irq));\n-\tcsr_set(CSR_HIE, BIT(IRQ_S_GEXT));\n+\tif (full_cleanup) {\n+\t\t/* Enable per-CPU SGEI interrupt */\n+\t\tenable_percpu_irq(hgei_parent_irq,\n+\t\t\t\t  irq_get_trigger_type(hgei_parent_irq));\n+\t\tcsr_set(CSR_HIE, BIT(IRQ_S_GEXT));\n+\t}\n+\n \t/* Enable IRQ filtering for overflow interrupt 
only if sscofpmf is present */\n \tif (__riscv_isa_extension_available(NULL, RISCV_ISA_EXT_SSCOFPMF))\n \t\tcsr_set(CSR_HVIEN, BIT(IRQ_PMU_OVF));\n }\n \n-void kvm_riscv_aia_disable(void)\n+void kvm_riscv_aia_disable(bool full_cleanup)\n {\n \tint i;\n \tunsigned long flags;\n-\tstruct kvm_vcpu *vcpu;\n-\tstruct aia_hgei_control *hgctrl;\n \n \tif (!kvm_riscv_aia_available())\n \t\treturn;\n-\thgctrl = get_cpu_ptr(\u0026aia_hgei);\n \n \tif (__riscv_isa_extension_available(NULL, RISCV_ISA_EXT_SSCOFPMF))\n \t\tcsr_clear(CSR_HVIEN, BIT(IRQ_PMU_OVF));\n-\t/* Disable per-CPU SGEI interrupt */\n-\tcsr_clear(CSR_HIE, BIT(IRQ_S_GEXT));\n-\tdisable_percpu_irq(hgei_parent_irq);\n-\n-\tcsr_write(CSR_HVICTL, aia_hvictl_value(false));\n \n-\traw_spin_lock_irqsave(\u0026hgctrl-\u003elock, flags);\n+\tif (full_cleanup) {\n+\t\t/* Disable per-CPU SGEI interrupt */\n+\t\tcsr_clear(CSR_HIE, BIT(IRQ_S_GEXT));\n+\t\tdisable_percpu_irq(hgei_parent_irq);\n+\t}\n \n-\tfor (i = 0; i \u003c= hgctrl-\u003enr_hgei; i++) {\n-\t\tvcpu = hgctrl-\u003eowners[i];\n-\t\tif (!vcpu)\n-\t\t\tcontinue;\n+\tcsr_write(CSR_HVICTL, aia_hvictl_value(false));\n \n-\t\t/*\n-\t\t * We release hgctrl-\u003elock before notifying IMSIC\n-\t\t * so that we don't have lock ordering issues.\n-\t\t */\n-\t\traw_spin_unlock_irqrestore(\u0026hgctrl-\u003elock, flags);\n+\tif (full_cleanup) {\n+\t\tstruct kvm_vcpu *vcpu;\n+\t\tstruct aia_hgei_control *hgctrl;\n \n-\t\t/* Notify IMSIC */\n-\t\tkvm_riscv_vcpu_aia_imsic_release(vcpu);\n+\t\thgctrl = get_cpu_ptr(\u0026aia_hgei);\n+\t\traw_spin_lock_irqsave(\u0026hgctrl-\u003elock, flags);\n \n-\t\t/*\n-\t\t * Wakeup VCPU if it was blocked so that it can\n-\t\t * run on other HARTs\n-\t\t */\n-\t\tif (csr_read(CSR_HGEIE) \u0026 BIT(i)) {\n-\t\t\tcsr_clear(CSR_HGEIE, BIT(i));\n-\t\t\tkvm_vcpu_kick(vcpu);\n+\t\tfor (i = 0; i \u003c= hgctrl-\u003enr_hgei; i++) {\n+\t\t\tvcpu = hgctrl-\u003eowners[i];\n+\t\t\tif (!vcpu)\n+\t\t\t\tcontinue;\n+\n+\t\t\t/*\n+\t\t\t * We release 
hgctrl-\u003elock before notifying IMSIC\n+\t\t\t * so that we don't have lock ordering issues.\n+\t\t\t */\n+\t\t\traw_spin_unlock_irqrestore(\u0026hgctrl-\u003elock, flags);\n+\n+\t\t\t/* Notify IMSIC */\n+\t\t\tkvm_riscv_vcpu_aia_imsic_release(vcpu);\n+\n+\t\t\t/*\n+\t\t\t * Wakeup VCPU if it was blocked so that it can\n+\t\t\t * run on other HARTs\n+\t\t\t */\n+\t\t\tif (csr_read(CSR_HGEIE) \u0026 BIT(i)) {\n+\t\t\t\tcsr_clear(CSR_HGEIE, BIT(i));\n+\t\t\t\tkvm_vcpu_kick(vcpu);\n+\t\t\t}\n+\n+\t\t\traw_spin_lock_irqsave(\u0026hgctrl-\u003elock, flags);\n \t\t}\n \n-\t\traw_spin_lock_irqsave(\u0026hgctrl-\u003elock, flags);\n+\t\traw_spin_unlock_irqrestore(\u0026hgctrl-\u003elock, flags);\n+\t\tput_cpu_ptr(\u0026aia_hgei);\n \t}\n-\n-\traw_spin_unlock_irqrestore(\u0026hgctrl-\u003elock, flags);\n-\n-\tput_cpu_ptr(\u0026aia_hgei);\n }\n \n int kvm_riscv_aia_init(void)\ndiff --git a/arch/riscv/kvm/main.c b/arch/riscv/kvm/main.c\nindex 0924c75100a2d0..41ef91ea39218c 100644\n--- a/arch/riscv/kvm/main.c\n+++ b/arch/riscv/kvm/main.c\n@@ -10,6 +10,7 @@\n #include \u003clinux/err.h\u003e\n #include \u003clinux/module.h\u003e\n #include \u003clinux/kvm_host.h\u003e\n+#include \u003clinux/cpu_pm.h\u003e\n #include \u003casm/cpufeature.h\u003e\n #include \u003casm/kvm_mmu.h\u003e\n #include \u003casm/kvm_nacl.h\u003e\n@@ -33,14 +34,9 @@ long kvm_arch_dev_ioctl(struct file *filp,\n \treturn -EINVAL;\n }\n \n-int kvm_arch_enable_virtualization_cpu(void)\n+/* Initialize hypervisor CSRs - called during CPU online and non-retention idle resume */\n+static void kvm_riscv_csr_enable(void)\n {\n-\tint rc;\n-\n-\trc = kvm_riscv_nacl_enable();\n-\tif (rc)\n-\t\treturn rc;\n-\n \tcsr_write(CSR_HEDELEG, 0);\n \tcsr_write(CSR_HIDELEG, 0);\n \n@@ -48,16 +44,11 @@ int kvm_arch_enable_virtualization_cpu(void)\n \tcsr_write(CSR_HCOUNTEREN, 0x02);\n \n \tcsr_write(CSR_HVIP, 0);\n-\n-\tkvm_riscv_aia_enable();\n-\n-\treturn 0;\n }\n \n-void kvm_arch_disable_virtualization_cpu(void)\n+/* Clear 
hypervisor CSRs - called during CPU offline and non-retention idle entry */\n+static void kvm_riscv_csr_disable(void)\n {\n-\tkvm_riscv_aia_disable();\n-\n \t/*\n \t * After clearing the hideleg CSR, the host kernel will receive\n \t * spurious interrupts if hvip CSR has pending interrupts and the\n@@ -68,10 +59,60 @@ void kvm_arch_disable_virtualization_cpu(void)\n \tcsr_write(CSR_HVIP, 0);\n \tcsr_write(CSR_HEDELEG, 0);\n \tcsr_write(CSR_HIDELEG, 0);\n+}\n+\n+int kvm_arch_enable_virtualization_cpu(void)\n+{\n+\tint rc;\n \n+\trc = kvm_riscv_nacl_enable();\n+\tif (rc)\n+\t\treturn rc;\n+\n+\tkvm_riscv_csr_enable();\n+\tkvm_riscv_aia_enable(true);\n+\n+\treturn 0;\n+}\n+\n+void kvm_arch_disable_virtualization_cpu(void)\n+{\n+\tkvm_riscv_aia_disable(true);\n+\tkvm_riscv_csr_disable();\n \tkvm_riscv_nacl_disable();\n }\n \n+static int kvm_riscv_cpu_pm_notifier(struct notifier_block *self, unsigned long cmd, void *v)\n+{\n+\t/*\n+\t * To avoid redundant disable/enable operations (since KVM's\n+\t * syscore ops will handle the state during system suspend),\n+\t * ignore CPU_PM events when a system suspend/resume is in\n+\t * progress.\n+\t */\n+\tif (system_state == SYSTEM_SUSPEND)\n+\t\treturn NOTIFY_DONE;\n+\n+\tswitch (cmd) {\n+\tcase CPU_PM_EXIT:\n+\t\tkvm_riscv_csr_enable();\n+\t\tkvm_riscv_aia_enable(false);\n+\t\treturn NOTIFY_OK;\n+\tcase CPU_PM_ENTER:\n+\t\tkvm_riscv_aia_disable(false);\n+\t\tkvm_riscv_csr_disable();\n+\t\treturn NOTIFY_OK;\n+\tdefault:\n+\t\tbreak;\n+\t}\n+\n+\treturn NOTIFY_DONE;\n+}\n+\n+static struct notifier_block kvm_riscv_cpu_pm_nb = {\n+\t.notifier_call = kvm_riscv_cpu_pm_notifier,\n+};\n+\n static void kvm_riscv_teardown(void)\n {\n \tkvm_riscv_aia_exit();\n@@ -172,22 +213,36 @@ static int __init riscv_kvm_init(void)\n \n \tkvm_register_perf_callbacks();\n \n-\trc = kvm_init(sizeof(struct kvm_vcpu), 0, THIS_MODULE);\n-\tif (rc) {\n-\t\tkvm_riscv_teardown();\n-\t\treturn rc;\n+\t/* Register CPU PM notifier for CPU idle non-retention 
states */\n+\tif (IS_ENABLED(CONFIG_CPU_PM)) {\n+\t\trc = cpu_pm_register_notifier(\u0026kvm_riscv_cpu_pm_nb);\n+\t\tif (rc) {\n+\t\t\tkvm_err(\"Failed to register CPU PM notifier: %d\\n\", rc);\n+\t\t\tgoto err_teardown;\n+\t\t}\n \t}\n \n-\tif (kvm_riscv_aia_available())\n-\t\tkvm_info(\"AIA available with %d guest external interrupts\\n\",\n-\t\t\t atomic_read(\u0026kvm_riscv_aia_nr_hgei));\n+\trc = kvm_init(sizeof(struct kvm_vcpu), 0, THIS_MODULE);\n+\tif (rc)\n+\t\tgoto err_unregister_cpu_pm;\n \n \treturn 0;\n+\n+err_unregister_cpu_pm:\n+\tif (IS_ENABLED(CONFIG_CPU_PM))\n+\t\tcpu_pm_unregister_notifier(\u0026kvm_riscv_cpu_pm_nb);\n+err_teardown:\n+\tkvm_riscv_teardown();\n+\treturn rc;\n }\n module_init(riscv_kvm_init);\n \n static void __exit riscv_kvm_exit(void)\n {\n+\t/* Unregister CPU PM notifier */\n+\tif (IS_ENABLED(CONFIG_CPU_PM))\n+\t\tcpu_pm_unregister_notifier(\u0026kvm_riscv_cpu_pm_nb);\n+\n \tkvm_exit();\n \n \tkvm_riscv_teardown();\n"
}

2/1 2026/06/25 01:46 agent patch-evaluator
1m Model:
gemini-3.1-pro-preview

Args:
null

Results:
{
  "EnableConfigs": [
    "KVM",
    "SUSPEND",
    "CPU_IDLE"
  ],
  "FocusSymbols": [
    "kvm_riscv_aia_enable",
    "kvm_riscv_aia_disable",
    "kvm_riscv_cpu_pm_notifier"
  ],
  "Reasoning": "The patch modifies the RISC-V KVM AIA (Advanced Interrupt Architecture) support to handle CPU non-retention idle states. It introduces a CPU PM notifier that calls `kvm_riscv_aia_enable` and `kvm_riscv_aia_disable` with a new `full_cleanup` boolean parameter. This is functional core kernel logic that is reachable during CPU power management events and KVM initialization/teardown.",
  "WorthFuzzing": true
}

Instruction:
You are an expert Linux kernel maintainer.
Your job is to review a provided patch series and determine
if it makes functional changes to the kernel that should be fuzzed.

IMPORTANT: The changes have ALREADY been applied and committed as the HEAD commit in
your workspace. Do NOT rely on your internal knowledge of the kernel. You must actively
use your code access tools to examine the actual source code and confirm any assumptions.

Return WorthFuzzing=false if the patch only contains:
- Modifications to Documentation/, Kconfig files, or code comments.
- Purely decorative changes, such as logging (e.g., pr_err, printk) or tracepoints.
- Changes to numeric constants or macros that do not functionally alter execution flow.
- Code paths that are impossible to reach in virtualized environments like GCE or QEMU,
even when utilizing software-emulated hardware (e.g., usb gadget, mac80211_hwsim).

If it modifies reachable core kernel logic, drivers, or architectures, use your code search
tools to verify the code can be executed, then return WorthFuzzing=true.

When returning WorthFuzzing=true, you MUST ALSO:
1. Extract any specific kernel functions that should be heavily fuzzed into FocusSymbols.
   Avoid listing generic hot-path functions to prevent skewed test distributions.
2. Identify any specific CONFIG_ options required to properly test this new/modified feature.
   Go and look into the Kconfig files and check for ifdefs around the code, do not make assumptions.
   Do not list too generic configs (we already have them enabled). Only list those that
   specifically cover the modified code. List them in the EnableConfigs output array,
   and DO NOT add a 'CONFIG_' prefix (e.g., return "NET_IPV4" instead of "CONFIG_NET_IPV4").
Prefer calling several tools at the same time to save round-trips.


Use set-results tool to provide results of the analysis.
It must be called exactly once before the final reply.
Ignore results of this tool.

Prompt:
For your convenience, here is the diff of the changes:
commit c67548153deee80323a325eb2587c3abf2e69ee9
Author: syz-cluster <triage@syzkaller.com>
Date:   Thu Jun 25 01:46:43 2026 +0000

    syz-cluster: applied patch under review

diff --git a/arch/riscv/include/asm/kvm_aia.h b/arch/riscv/include/asm/kvm_aia.h
index c67ec5ac0a146b..7c1c3250598fb0 100644
--- a/arch/riscv/include/asm/kvm_aia.h
+++ b/arch/riscv/include/asm/kvm_aia.h
@@ -165,8 +165,19 @@ int kvm_riscv_aia_alloc_hgei(int cpu, struct kvm_vcpu *owner,
 			     void __iomem **hgei_va, phys_addr_t *hgei_pa);
 void kvm_riscv_aia_free_hgei(int cpu, int hgei);
 
-void kvm_riscv_aia_enable(void);
-void kvm_riscv_aia_disable(void);
+/**
+ * kvm_riscv_aia_enable() - Enable AIA support on current CPU
+ * @full_cleanup: true = full hardware init (CPU hotplug/module load),
+ *                false = lightweight CSR restore (CPU non-retention idle resume)
+ */
+void kvm_riscv_aia_enable(bool full_cleanup);
+
+/**
+ * kvm_riscv_aia_disable() - Disable AIA support on current CPU
+ * @full_cleanup: true = full hardware cleanup (CPU hotplug/module exit),
+ *                false = lightweight CSR save (CPU non-retention idle entry)
+ */
+void kvm_riscv_aia_disable(bool full_cleanup);
 int kvm_riscv_aia_init(void);
 void kvm_riscv_aia_exit(void);
 
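Review bot: The kernel-doc for `kvm_riscv_aia_disable()` describes `full_cleanup == false` as a "lightweight CSR save", but the matching path in arch/riscv/kvm/aia.c in this patch only clears the `IRQ_PMU_OVF` bit in HVIEN and rewrites HVICTL; no CSR value is stored anywhere. The comment should either say what the path does, e.g. `false = quiesce HVIEN/HVICTL only, no state saved (CPU non-retention idle entry)`, or the implementation should save what the resume path needs. The name `full_cleanup` also reads oddly on the enable side, where `true` means full initialisation; a neutral name such as `full`, or an enum for the two modes, would be clearer to callers.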
diff --git a/arch/riscv/kvm/aia.c b/arch/riscv/kvm/aia.c
index bafb009c5ce559..82812493ac684a 100644
--- a/arch/riscv/kvm/aia.c
+++ b/arch/riscv/kvm/aia.c
@@ -532,50 +532,61 @@ static void aia_hgei_exit(void)
 	free_percpu_irq(hgei_parent_irq, &aia_hgei);
 }
 
-void kvm_riscv_aia_enable(void)
+void kvm_riscv_aia_enable(bool full_cleanup)
 {
-	const struct imsic_global_config *gc;
-	const struct imsic_local_config *lc;
 	struct aia_hgei_control *hgctrl;
 	unsigned long flags;
-	int aia_nr_hgei;
 
 	if (!kvm_riscv_aia_available())
 		return;
 
-	gc = imsic_get_global_config();
-	lc = (gc) ? this_cpu_ptr(gc->local) : NULL;
 	hgctrl = this_cpu_ptr(&aia_hgei);
 
-	/* Figure-out number of bits in HGEIE */
-	csr_write(CSR_HGEIE, -1UL);
-	hgctrl->nr_hgei = fls_long(csr_read(CSR_HGEIE));
-	csr_write(CSR_HGEIE, 0);
-	if (hgctrl->nr_hgei)
-		hgctrl->nr_hgei--;
+	if (full_cleanup) {
+		const struct imsic_global_config *gc;
+		const struct imsic_local_config *lc;
+		int aia_nr_hgei;
 
-	/*
-	 * Number of usable per-HART HGEI lines should be minimum of
-	 * per-HART IMSIC guest files and number of bits in HGEIE.
-	 */
-	if (lc)
-		hgctrl->nr_hgei = min((ulong)hgctrl->nr_hgei, lc->nr_guest_files);
-	else
-		hgctrl->nr_hgei = 0;
+		gc = imsic_get_global_config();
+		lc = (gc) ? this_cpu_ptr(gc->local) : NULL;
 
-	/* Update the number of IMSIC guest files across all HARTs */
-	aia_nr_hgei = atomic_read(&kvm_riscv_aia_nr_hgei);
-	do {
-		if (aia_nr_hgei <= hgctrl->nr_hgei)
-			break;
-	} while (!atomic_try_cmpxchg(&kvm_riscv_aia_nr_hgei, &aia_nr_hgei, hgctrl->nr_hgei));
+		/* Figure-out number of bits in HGEIE */
+		csr_write(CSR_HGEIE, -1UL);
+		hgctrl->nr_hgei = fls_long(csr_read(CSR_HGEIE));
+		csr_write(CSR_HGEIE, 0);
+		if (hgctrl->nr_hgei)
+			hgctrl->nr_hgei--;
 
-	raw_spin_lock_irqsave(&hgctrl->lock, flags);
-	if (!hgctrl->free_bitmap_initialized) {
-		hgctrl->free_bitmap = (hgctrl->nr_hgei) ? GENMASK_ULL(hgctrl->nr_hgei, 1) : 0;
-		hgctrl->free_bitmap_initialized = true;
+		/*
+		 * Number of usable per-HART HGEI lines should be minimum of
+		 * per-HART IMSIC guest files and number of bits in HGEIE.
+		 */
+		if (lc)
+			hgctrl->nr_hgei = min((ulong)hgctrl->nr_hgei, lc->nr_guest_files);
+		else
+			hgctrl->nr_hgei = 0;
+
+		/* Update the number of IMSIC guest files across all HARTs */
+		aia_nr_hgei = atomic_read(&kvm_riscv_aia_nr_hgei);
+		do {
+			if (aia_nr_hgei <= hgctrl->nr_hgei)
+				break;
+		} while (!atomic_try_cmpxchg(&kvm_riscv_aia_nr_hgei, &aia_nr_hgei,
+					     hgctrl->nr_hgei));
+
+		raw_spin_lock_irqsave(&hgctrl->lock, flags);
+		if (!hgctrl->free_bitmap_initialized) {
+			hgctrl->free_bitmap = (hgctrl->nr_hgei) ?
+					      GENMASK_ULL(hgctrl->nr_hgei, 1) :
+					      0;
+			hgctrl->free_bitmap_initialized = true;
+		}
+		raw_spin_unlock_irqrestore(&hgctrl->lock, flags);
+	} else {
+		raw_spin_lock_irqsave(&hgctrl->lock, flags);
+		csr_write(CSR_HGEIE, ~hgctrl->free_bitmap);
+		raw_spin_unlock_irqrestore(&hgctrl->lock, flags);
 	}
-	raw_spin_unlock_irqrestore(&hgctrl->lock, flags);
 
 	csr_write(CSR_HVICTL, aia_hvictl_value(false));
 	csr_write(CSR_HVIPRIO1, 0x0);
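Review bot: The resume branch writes `~hgctrl->free_bitmap` into HGEIE, which is not the value the register held before idle. The disable hunk of this same file treats a set HGEIE bit as "VCPU was blocked" (`if (csr_read(CSR_HGEIE) & BIT(i))`), so HGEIE appears to track blocked vCPUs rather than allocated lines. Restoring from the allocation bitmap would arm every allocated line, plus bit 0 and any implemented bit above `nr_hgei` that `GENMASK_ULL(nr_hgei, 1)` left clear, and may raise guest external interrupts on the host for vCPUs that are not waiting. Saving the register on idle entry and writing it back here looks safer, for example `hgctrl->saved_hgeie = csr_read(CSR_HGEIE);` in the `full_cleanup == false` disable path (a new per-CPU field) and `csr_write(CSR_HGEIE, hgctrl->saved_hgeie);` here. kvm_riscv_aia_enable() continues past the end of this hunk.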
@@ -587,65 +598,73 @@ void kvm_riscv_aia_enable(void)
 	csr_write(CSR_HVIPRIO2H, 0x0);
 #endif
 
-	/* Enable per-CPU SGEI interrupt */
-	enable_percpu_irq(hgei_parent_irq,
-			  irq_get_trigger_type(hgei_parent_irq));
-	csr_set(CSR_HIE, BIT(IRQ_S_GEXT));
+	if (full_cleanup) {
+		/* Enable per-CPU SGEI interrupt */
+		enable_percpu_irq(hgei_parent_irq,
+				  irq_get_trigger_type(hgei_parent_irq));
+		csr_set(CSR_HIE, BIT(IRQ_S_GEXT));
+	}
+
 	/* Enable IRQ filtering for overflow interrupt only if sscofpmf is present */
 	if (__riscv_isa_extension_available(NULL, RISCV_ISA_EXT_SSCOFPMF))
 		csr_set(CSR_HVIEN, BIT(IRQ_PMU_OVF));
 }
 
-void kvm_riscv_aia_disable(void)
+void kvm_riscv_aia_disable(bool full_cleanup)
 {
 	int i;
 	unsigned long flags;
-	struct kvm_vcpu *vcpu;
-	struct aia_hgei_control *hgctrl;
 
 	if (!kvm_riscv_aia_available())
 		return;
-	hgctrl = get_cpu_ptr(&aia_hgei);
 
 	if (__riscv_isa_extension_available(NULL, RISCV_ISA_EXT_SSCOFPMF))
 		csr_clear(CSR_HVIEN, BIT(IRQ_PMU_OVF));
-	/* Disable per-CPU SGEI interrupt */
-	csr_clear(CSR_HIE, BIT(IRQ_S_GEXT));
-	disable_percpu_irq(hgei_parent_irq);
-
-	csr_write(CSR_HVICTL, aia_hvictl_value(false));
 
-	raw_spin_lock_irqsave(&hgctrl->lock, flags);
+	if (full_cleanup) {
+		/* Disable per-CPU SGEI interrupt */
+		csr_clear(CSR_HIE, BIT(IRQ_S_GEXT));
+		disable_percpu_irq(hgei_parent_irq);
+	}
 
-	for (i = 0; i <= hgctrl->nr_hgei; i++) {
-		vcpu = hgctrl->owners[i];
-		if (!vcpu)
-			continue;
+	csr_write(CSR_HVICTL, aia_hvictl_value(false));
 
-		/*
-		 * We release hgctrl->lock before notifying IMSIC
-		 * so that we don't have lock ordering issues.
-		 */
-		raw_spin_unlock_irqrestore(&hgctrl->lock, flags);
+	if (full_cleanup) {
+		struct kvm_vcpu *vcpu;
+		struct aia_hgei_control *hgctrl;
 
-		/* Notify IMSIC */
-		kvm_riscv_vcpu_aia_imsic_release(vcpu);
+		hgctrl = get_cpu_ptr(&aia_hgei);
+		raw_spin_lock_irqsave(&hgctrl->lock, flags);
 
-		/*
-		 * Wakeup VCPU if it was blocked so that it can
-		 * run on other HARTs
-		 */
-		if (csr_read(CSR_HGEIE) & BIT(i)) {
-			csr_clear(CSR_HGEIE, BIT(i));
-			kvm_vcpu_kick(vcpu);
+		for (i = 0; i <= hgctrl->nr_hgei; i++) {
+			vcpu = hgctrl->owners[i];
+			if (!vcpu)
+				continue;
+
+			/*
+			 * We release hgctrl->lock before notifying IMSIC
+			 * so that we don't have lock ordering issues.
+			 */
+			raw_spin_unlock_irqrestore(&hgctrl->lock, flags);
+
+			/* Notify IMSIC */
+			kvm_riscv_vcpu_aia_imsic_release(vcpu);
+
+			/*
+			 * Wakeup VCPU if it was blocked so that it can
+			 * run on other HARTs
+			 */
+			if (csr_read(CSR_HGEIE) & BIT(i)) {
+				csr_clear(CSR_HGEIE, BIT(i));
+				kvm_vcpu_kick(vcpu);
+			}
+
+			raw_spin_lock_irqsave(&hgctrl->lock, flags);
 		}
 
-		raw_spin_lock_irqsave(&hgctrl->lock, flags);
+		raw_spin_unlock_irqrestore(&hgctrl->lock, flags);
+		put_cpu_ptr(&aia_hgei);
 	}
-
-	raw_spin_unlock_irqrestore(&hgctrl->lock, flags);
-
-	put_cpu_ptr(&aia_hgei);
 }
 
 int kvm_riscv_aia_init(void)
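Review bot: The lightweight resume path skips `csr_set(CSR_HIE, BIT(IRQ_S_GEXT))` together with `enable_percpu_irq()`, so the guest-external interrupt enable in HIE is only written on the full path. If a non-retention idle state resets hypervisor CSRs, which is the premise for rewriting HVICTL and HVIPRIO on resume, HIE would presumably come back cleared and blocked vCPUs on this hart would no longer be woken through SGEI. Keeping `enable_percpu_irq()` under `if (full_cleanup)` but moving the `csr_set(CSR_HIE, BIT(IRQ_S_GEXT));` out of it would cover that, unless something outside this diff already restores HIE. In kvm_riscv_aia_disable(), `i` and `flags` are now used only inside the last `if (full_cleanup)` block and could be declared there.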
diff --git a/arch/riscv/kvm/main.c b/arch/riscv/kvm/main.c
index 0924c75100a2d0..41ef91ea39218c 100644
--- a/arch/riscv/kvm/main.c
+++ b/arch/riscv/kvm/main.c
@@ -10,6 +10,7 @@
 #include <linux/err.h>
 #include <linux/module.h>
 #include <linux/kvm_host.h>
+#include <linux/cpu_pm.h>
 #include <asm/cpufeature.h>
 #include <asm/kvm_mmu.h>
 #include <asm/kvm_nacl.h>
@@ -33,14 +34,9 @@ long kvm_arch_dev_ioctl(struct file *filp,
 	return -EINVAL;
 }
 
-int kvm_arch_enable_virtualization_cpu(void)
+/* Initialize hypervisor CSRs - called during CPU online and non-retention idle resume */
+static void kvm_riscv_csr_enable(void)
 {
-	int rc;
-
-	rc = kvm_riscv_nacl_enable();
-	if (rc)
-		return rc;
-
 	csr_write(CSR_HEDELEG, 0);
 	csr_write(CSR_HIDELEG, 0);
 
@@ -48,16 +44,11 @@ int kvm_arch_enable_virtualization_cpu(void)
 	csr_write(CSR_HCOUNTEREN, 0x02);
 
 	csr_write(CSR_HVIP, 0);
-
-	kvm_riscv_aia_enable();
-
-	return 0;
 }
 
-void kvm_arch_disable_virtualization_cpu(void)
+/* Clear hypervisor CSRs - called during CPU offline and non-retention idle entry */
+static void kvm_riscv_csr_disable(void)
 {
-	kvm_riscv_aia_disable();
-
 	/*
 	 * After clearing the hideleg CSR, the host kernel will receive
 	 * spurious interrupts if hvip CSR has pending interrupts and the
@@ -68,10 +59,60 @@ void kvm_arch_disable_virtualization_cpu(void)
 	csr_write(CSR_HVIP, 0);
 	csr_write(CSR_HEDELEG, 0);
 	csr_write(CSR_HIDELEG, 0);
+}
+
+int kvm_arch_enable_virtualization_cpu(void)
+{
+	int rc;
 
+	rc = kvm_riscv_nacl_enable();
+	if (rc)
+		return rc;
+
+	kvm_riscv_csr_enable();
+	kvm_riscv_aia_enable(true);
+
+	return 0;
+}
+
+void kvm_arch_disable_virtualization_cpu(void)
+{
+	kvm_riscv_aia_disable(true);
+	kvm_riscv_csr_disable();
 	kvm_riscv_nacl_disable();
 }
 
+static int kvm_riscv_cpu_pm_notifier(struct notifier_block *self, unsigned long cmd, void *v)
+{
+	/*
+	 * To avoid redundant disable/enable operations (since KVM's
+	 * syscore ops will handle the state during system suspend),
+	 * ignore CPU_PM events when a system suspend/resume is in
+	 * progress.
+	 */
+	if (system_state == SYSTEM_SUSPEND)
+		return NOTIFY_DONE;
+
+	switch (cmd) {
+	case CPU_PM_EXIT:
+		kvm_riscv_csr_enable();
+		kvm_riscv_aia_enable(false);
+		return NOTIFY_OK;
+	case CPU_PM_ENTER:
+		kvm_riscv_aia_disable(false);
+		kvm_riscv_csr_disable();
+		return NOTIFY_OK;
+	default:
+		break;
+	}
+
+	return NOTIFY_DONE;
+}
+
+static struct notifier_block kvm_riscv_cpu_pm_nb = {
+	.notifier_call = kvm_riscv_cpu_pm_notifier,
+};
+
 static void kvm_riscv_teardown(void)
 {
 	kvm_riscv_aia_exit();
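Review bot: `kvm_riscv_cpu_pm_notifier()` has no case for `CPU_PM_ENTER_FAILED`, which the CPU PM core sends to notifiers that already handled `CPU_PM_ENTER` when a later notifier rejects the transition. In that case the hart would keep the state left by `kvm_riscv_aia_disable(false)`, e.g. the `IRQ_PMU_OVF` bit cleared in HVIEN, until the next successful idle cycle; adding `case CPU_PM_ENTER_FAILED:` directly above `case CPU_PM_EXIT:` re-applies the enable path. The callback also runs on every hart whether or not `kvm_arch_enable_virtualization_cpu()` has been called there, so it can write hypervisor CSRs and read `free_bitmap` on a CPU where virtualization is off or was never initialised. A per-CPU "virtualization enabled" flag, set and cleared by the two arch hooks and tested at the top of the notifier, would bound that. kvm_riscv_teardown() at the end of the hunk continues outside it.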
@@ -172,22 +213,36 @@ static int __init riscv_kvm_init(void)
 
 	kvm_register_perf_callbacks();
 
-	rc = kvm_init(sizeof(struct kvm_vcpu), 0, THIS_MODULE);
-	if (rc) {
-		kvm_riscv_teardown();
-		return rc;
+	/* Register CPU PM notifier for CPU idle non-retention states */
+	if (IS_ENABLED(CONFIG_CPU_PM)) {
+		rc = cpu_pm_register_notifier(&kvm_riscv_cpu_pm_nb);
+		if (rc) {
+			kvm_err("Failed to register CPU PM notifier: %d\n", rc);
+			goto err_teardown;
+		}
 	}
 
-	if (kvm_riscv_aia_available())
-		kvm_info("AIA available with %d guest external interrupts\n",
-			 atomic_read(&kvm_riscv_aia_nr_hgei));
+	rc = kvm_init(sizeof(struct kvm_vcpu), 0, THIS_MODULE);
+	if (rc)
+		goto err_unregister_cpu_pm;
 
 	return 0;
+
+err_unregister_cpu_pm:
+	if (IS_ENABLED(CONFIG_CPU_PM))
+		cpu_pm_unregister_notifier(&kvm_riscv_cpu_pm_nb);
+err_teardown:
+	kvm_riscv_teardown();
+	return rc;
 }
 module_init(riscv_kvm_init);
 
 static void __exit riscv_kvm_exit(void)
 {
+	/* Unregister CPU PM notifier */
+	if (IS_ENABLED(CONFIG_CPU_PM))
+		cpu_pm_unregister_notifier(&kvm_riscv_cpu_pm_nb);
+
 	kvm_exit();
 
 	kvm_riscv_teardown();
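Review bot: The `kvm_info("AIA available with %d guest external interrupts\n", ...)` message is dropped by this hunk with no replacement, which looks unrelated to adding the CPU PM notifier. If the removal is intended it deserves a line in the commit message; otherwise the call should stay after the successful `kvm_init()`, before `return 0;`. The bodies of riscv_kvm_init() and riscv_kvm_exit() both extend outside the hunk, so the rest of the error unwinding cannot be checked from here.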

3/2 2026/06/25 01:46 llm patch-evaluator
0m Model:
gemini-3.1-pro-preview

Args:
null

Results:
null

Tokens:
							input: 6503
							output: 23
							thoughts: 559
						

Thoughts:
**Analyzing the RISC-V KVM AIA Patch for Fuzzing Potential**

Okay, so I'm looking at this patch for RISC-V KVM AIA support, and it's making some interesting modifications. Specifically, it's adding a `bool full_cleanup` parameter to `kvm_riscv_aia_enable` and `kvm_riscv_aia_disable`. That's the first thing to note. It's also introducing a CPU PM notifier, `kvm_riscv_cpu_pm_notifier`, designed to handle CPU non-retention idle states. This notifier calls the AIA enable/disable functions, but *without* the full cleanup, which is interesting. It registers the notifier only if `CONFIG_CPU_PM` is enabled.

My initial thought is, "Is this actually reachable and functional?" And the answer is, yes, it's functional; it's definitely modifying KVM RISC-V CPU power management handling. The critical question for me, given my expertise, is, can we fuzz this efficiently?

The obvious trigger is CPU PM events – specifically, CPU idle non-retention states. Now, CPU PM events are a potential fuzz target, IF the fuzzer can trigger CPU idle or suspend. Syzkaller, in its default configuration, doesn't typically directly trigger those events; I'd need to confirm whether specific configurations like CPU hotplug or suspend/resume were enabled, which *could* indirectly exercise this code.

However, here's a wrinkle: I see that `kvm_arch_enable_virtualization_cpu` and `kvm_arch_disable_virtualization_cpu` are also modified to pass `true` to `kvm_riscv_aia_enable` and `kvm_riscv_aia_disable`! This is key. These functions are involved during CPU hotplug or module load/unload. This means we have a couple of different paths to the code, and this is good fuzzing fodder, since one might be easier to trigger than the other!

So, `kvm_riscv_aia_enable` and `kvm_riscv_aia_disable` are clearly functional and now take a flag to control cleanup. I now have two possible avenues for fuzzing: CPU PM events (idle/suspend/resume) and CPU hotplug/module load.

To be thorough, let me quickly check the Kconfig settings. I'm expecting `CONFIG_KVM`, `CONFIG_RISCV`, and, crucially, `CONFIG_CPU_PM` for the notifier to be enabled. Then, I'll quickly verify the callgraph for `kvm_riscv_aia_enable` and `kvm_riscv_aia_disable` to see how extensively the functions are called.



4/2 2026/06/25 01:46 tool grepper
0m Args:
{
  "Expression": "kvm_riscv_aia_enable"
}

Results:
{
  "Output": "arch/riscv/include/asm/kvm_aia.h=166=void kvm_riscv_aia_free_hgei(int cpu, int hgei);\n--\narch/riscv/include/asm/kvm_aia.h-168-/**\narch/riscv/include/asm/kvm_aia.h:169: * kvm_riscv_aia_enable() - Enable AIA support on current CPU\narch/riscv/include/asm/kvm_aia.h-170- * @full_cleanup: true = full hardware init (CPU hotplug/module load),\n--\narch/riscv/include/asm/kvm_aia.h-172- */\narch/riscv/include/asm/kvm_aia.h:173:void kvm_riscv_aia_enable(bool full_cleanup);\narch/riscv/include/asm/kvm_aia.h-174-\n--\narch/riscv/kvm/aia.c=529=static void aia_hgei_exit(void)\n--\narch/riscv/kvm/aia.c-534-\narch/riscv/kvm/aia.c:535:void kvm_riscv_aia_enable(bool full_cleanup)\narch/riscv/kvm/aia.c-536-{\n--\narch/riscv/kvm/main.c=64=int kvm_arch_enable_virtualization_cpu(void)\n--\narch/riscv/kvm/main.c-72-\tkvm_riscv_csr_enable();\narch/riscv/kvm/main.c:73:\tkvm_riscv_aia_enable(true);\narch/riscv/kvm/main.c-74-\n--\narch/riscv/kvm/main.c=85=static int kvm_riscv_cpu_pm_notifier(struct notifier_block *self, unsigned long cmd, void *v)\n--\narch/riscv/kvm/main.c-98-\t\tkvm_riscv_csr_enable();\narch/riscv/kvm/main.c:99:\t\tkvm_riscv_aia_enable(false);\narch/riscv/kvm/main.c-100-\t\treturn NOTIFY_OK;\n"
}

5/2 2026/06/25 01:46 llm patch-evaluator
0m Model:
gemini-3.1-pro-preview

Args:
null

Results:
null

Tokens:
							input: 8259
							output: 18
							thoughts: 232
						

Thoughts:
**Analyzing the KVM-RISCV AIA Enable/Disable Patch**

Okay, so I'm looking at this patch and immediately, the `kvm_riscv_cpu_pm_notifier` is drawing my attention. It seems to be the entry point for some power management hookup, and critically, it's calling `kvm_riscv_aia_enable(false)` and `kvm_riscv_aia_disable(false)`. That makes sense - likely disabling the AIA when the CPU is going into a lower power state. Then, they're modifying the virtualization enable/disable functions (`kvm_arch_enable_virtualization_cpu` and `kvm_arch_disable_virtualization_cpu`) to toggle AIA with the `full_cleanup` flag, calling `kvm_riscv_aia_enable(true)` and `kvm_riscv_aia_disable(true)`. Right. So we've got an AIA state change tied to both CPU power management and general virtualization.

Now, my mind starts to wander. Is this implementation *sound*? Does the logic in `kvm_riscv_aia_enable` and `kvm_riscv_aia_disable` handle the different cleanup/setup appropriately? Seems like that's the core of the functionality based on the `full_cleanup` flag.

The question then becomes: is this fuzz-able? Yes, absolutely. It's functional, touches some key components, and has several entry points.

I'll flag `kvm_riscv_aia_enable`, `kvm_riscv_aia_disable`, and `kvm_riscv_cpu_pm_notifier` as my focus symbols. These are the functions I want to target during fuzzing.

Before I get too deep, I should check the configs. It looks like `KVM` and `CPU_PM` are the configs to enable for this patch. I'll do a quick check to make sure `CPU_PM` is a valid config. That's a sanity check I want to do before I dig deeper.



6/2 2026/06/25 01:47 tool grepper
0m Args:
{
  "Expression": "config CPU_PM"
}

Results:
{
  "Output": "arch/csky/Kconfig=232=choice\n--\narch/csky/Kconfig-237-\narch/csky/Kconfig:238:config CPU_PMU_NONE\narch/csky/Kconfig-239-\tbool \"None\"\n--\narch/csky/Kconfig=246=choice\n--\narch/csky/Kconfig-249-\narch/csky/Kconfig:250:config CPU_PM_NONE\narch/csky/Kconfig-251-\tbool \"None\"\narch/csky/Kconfig-252-\narch/csky/Kconfig:253:config CPU_PM_WAIT\narch/csky/Kconfig-254-\tbool \"wait\"\narch/csky/Kconfig-255-\narch/csky/Kconfig:256:config CPU_PM_DOZE\narch/csky/Kconfig-257-\tbool \"doze\"\narch/csky/Kconfig-258-\narch/csky/Kconfig:259:config CPU_PM_STOP\narch/csky/Kconfig-260-\tbool \"stop\"\n--\nkernel/power/Kconfig=385=config PM_GENERIC_DOMAINS_OF\n--\nkernel/power/Kconfig-388-\nkernel/power/Kconfig:389:config CPU_PM\nkernel/power/Kconfig-390-\tbool\n"
}

7/2 2026/06/25 01:47 llm patch-evaluator
0m Model:
gemini-3.1-pro-preview

Args:
null

Results:
null

Tokens:
							input: 9323
							output: 17
							thoughts: 38
						

Thoughts:
Okay, here's my take on those thoughts, framed as an expert's internal monologue:

**Checking Configuration Sanity**

Alright, let's see. *CPU_PM* – that's definitely a valid configuration option. Good. *KVM*... yep, that rings a bell too, totally legit. But hold on a second... are we talking about the generic KVM here, or is there something specific to the RISC-V architecture? We need to be precise, or we're going to have issues later. Gotta double-check if there's a dedicated RISC-V KVM configuration floating around somewhere. It’s essential to avoid ambiguity here and make sure we’re using the right settings for the target platform.



8/2 2026/06/25 01:47 tool grepper
0m Args:
{
  "Expression": "config KVM"
}

Results:
{
  "Output": "arch/arm64/kvm/Kconfig=18=if VIRTUALIZATION\narch/arm64/kvm/Kconfig-19-\narch/arm64/kvm/Kconfig:20:menuconfig KVM\narch/arm64/kvm/Kconfig-21-\tbool \"Kernel-based Virtual Machine (KVM) support\"\n--\narch/loongarch/kvm/Kconfig=18=if VIRTUALIZATION\narch/loongarch/kvm/Kconfig-19-\narch/loongarch/kvm/Kconfig:20:config KVM\narch/loongarch/kvm/Kconfig-21-\ttristate \"Kernel-based Virtual Machine (KVM) support\"\n--\narch/mips/kvm/Kconfig=16=if VIRTUALIZATION\narch/mips/kvm/Kconfig-17-\narch/mips/kvm/Kconfig:18:config KVM\narch/mips/kvm/Kconfig-19-\ttristate \"Kernel-based Virtual Machine (KVM) support\"\n--\narch/mips/kvm/Kconfig-30-\narch/mips/kvm/Kconfig:31:config KVM_MIPS_DEBUG_COP0_COUNTERS\narch/mips/kvm/Kconfig-32-\tbool \"Maintain counters for COP0 accesses\"\n--\narch/powerpc/kvm/Kconfig=18=if VIRTUALIZATION\narch/powerpc/kvm/Kconfig-19-\narch/powerpc/kvm/Kconfig:20:config KVM\narch/powerpc/kvm/Kconfig-21-\tbool\n--\narch/powerpc/kvm/Kconfig-25-\narch/powerpc/kvm/Kconfig:26:config KVM_BOOK3S_HANDLER\narch/powerpc/kvm/Kconfig-27-\tbool\narch/powerpc/kvm/Kconfig-28-\narch/powerpc/kvm/Kconfig:29:config KVM_BOOK3S_32_HANDLER\narch/powerpc/kvm/Kconfig-30-\tbool\n--\narch/powerpc/kvm/Kconfig-33-\narch/powerpc/kvm/Kconfig:34:config KVM_BOOK3S_64_HANDLER\narch/powerpc/kvm/Kconfig-35-\tbool\n--\narch/powerpc/kvm/Kconfig-37-\narch/powerpc/kvm/Kconfig:38:config KVM_BOOK3S_PR_POSSIBLE\narch/powerpc/kvm/Kconfig-39-\tbool\n--\narch/powerpc/kvm/Kconfig-41-\narch/powerpc/kvm/Kconfig:42:config KVM_BOOK3S_HV_POSSIBLE\narch/powerpc/kvm/Kconfig-43-\tbool\narch/powerpc/kvm/Kconfig-44-\narch/powerpc/kvm/Kconfig:45:config KVM_BOOK3S_32\narch/powerpc/kvm/Kconfig-46-\ttristate \"KVM support for PowerPC book3s_32 processors\"\n--\narch/powerpc/kvm/Kconfig-61-\narch/powerpc/kvm/Kconfig:62:config KVM_BOOK3S_64\narch/powerpc/kvm/Kconfig-63-\ttristate \"KVM support for PowerPC book3s_64 processors\"\n--\narch/powerpc/kvm/Kconfig-78-\narch/powerpc/kvm/Kconfig:79:config 
KVM_BOOK3S_64_HV\narch/powerpc/kvm/Kconfig-80-\ttristate \"KVM for POWER7 and later using hypervisor mode in host\"\n--\narch/powerpc/kvm/Kconfig-99-\narch/powerpc/kvm/Kconfig:100:config KVM_BOOK3S_64_PR\narch/powerpc/kvm/Kconfig-101-\ttristate \"KVM support without using hypervisor mode in host\"\n--\narch/powerpc/kvm/Kconfig-125-\narch/powerpc/kvm/Kconfig:126:config KVM_BOOK3S_HV_EXIT_TIMING\narch/powerpc/kvm/Kconfig-127-\tbool\narch/powerpc/kvm/Kconfig-128-\narch/powerpc/kvm/Kconfig:129:config KVM_BOOK3S_HV_P9_TIMING\narch/powerpc/kvm/Kconfig-130-\tbool \"Detailed timing for the P9 entry point\"\n--\narch/powerpc/kvm/Kconfig-141-\narch/powerpc/kvm/Kconfig:142:config KVM_BOOK3S_HV_P8_TIMING\narch/powerpc/kvm/Kconfig-143-\tbool \"Detailed timing for hypervisor real-mode code (for POWER8)\"\n--\narch/powerpc/kvm/Kconfig-156-\narch/powerpc/kvm/Kconfig:157:config KVM_BOOK3S_HV_NESTED_PMU_WORKAROUND\narch/powerpc/kvm/Kconfig-158-\tbool \"Nested L0 host workaround for L1 KVM host PMU handling bug\" if EXPERT\n--\narch/powerpc/kvm/Kconfig-171-\narch/powerpc/kvm/Kconfig:172:config KVM_BOOK3S_HV_PMU\narch/powerpc/kvm/Kconfig-173-\ttristate \"Hypervisor Perf events for KVM Book3s-HV\"\n--\narch/powerpc/kvm/Kconfig-183-\narch/powerpc/kvm/Kconfig:184:config KVM_BOOKE_HV\narch/powerpc/kvm/Kconfig-185-\tbool\narch/powerpc/kvm/Kconfig-186-\narch/powerpc/kvm/Kconfig:187:config KVM_EXIT_TIMING\narch/powerpc/kvm/Kconfig-188-\tbool \"Detailed exit timing\"\n--\narch/powerpc/kvm/Kconfig-197-\narch/powerpc/kvm/Kconfig:198:config KVM_E500V2\narch/powerpc/kvm/Kconfig-199-\tbool \"KVM support for PowerPC E500v2 processors\"\n--\narch/powerpc/kvm/Kconfig-212-\narch/powerpc/kvm/Kconfig:213:config KVM_E500MC\narch/powerpc/kvm/Kconfig-214-\tbool \"KVM support for PowerPC E500MC/E5500/E6500 processors\"\n--\narch/powerpc/kvm/Kconfig-228-\narch/powerpc/kvm/Kconfig:229:config KVM_MPIC\narch/powerpc/kvm/Kconfig-230-\tbool \"KVM in-kernel MPIC 
emulation\"\n--\narch/powerpc/kvm/Kconfig-240-\narch/powerpc/kvm/Kconfig:241:config KVM_XICS\narch/powerpc/kvm/Kconfig-242-\tbool \"KVM in-kernel XICS emulation\"\n--\narch/powerpc/kvm/Kconfig-250-\narch/powerpc/kvm/Kconfig:251:config KVM_XIVE\narch/powerpc/kvm/Kconfig-252-\tbool\n--\narch/powerpc/platforms/Kconfig=22=source \"arch/powerpc/platforms/microwatt/Kconfig\"\narch/powerpc/platforms/Kconfig-23-\narch/powerpc/platforms/Kconfig:24:config KVM_GUEST\narch/powerpc/platforms/Kconfig-25-\tbool \"KVM Guest support\"\n--\narch/riscv/kvm/Kconfig=18=if VIRTUALIZATION\narch/riscv/kvm/Kconfig-19-\narch/riscv/kvm/Kconfig:20:config KVM\narch/riscv/kvm/Kconfig-21-\ttristate \"Kernel-based Virtual Machine (KVM) support\"\n--\narch/s390/kvm/Kconfig=17=if VIRTUALIZATION\narch/s390/kvm/Kconfig-18-\narch/s390/kvm/Kconfig:19:config KVM\narch/s390/kvm/Kconfig-20-\tdef_tristate y\n--\narch/s390/kvm/Kconfig-45-\narch/s390/kvm/Kconfig:46:config KVM_S390_UCONTROL\narch/s390/kvm/Kconfig-47-\tbool \"Userspace controlled virtual machines\"\n--\narch/x86/Kconfig=839=source \"arch/x86/xen/Kconfig\"\narch/x86/Kconfig-840-\narch/x86/Kconfig:841:config KVM_GUEST\narch/x86/Kconfig-842-\tbool \"KVM Guest support (including kvmclock)\"\n--\narch/x86/kvm/Kconfig=18=if VIRTUALIZATION\narch/x86/kvm/Kconfig-19-\narch/x86/kvm/Kconfig:20:config KVM_X86\narch/x86/kvm/Kconfig-21-\tdef_tristate KVM if (KVM_INTEL != n || KVM_AMD != n)\n--\narch/x86/kvm/Kconfig-51-\narch/x86/kvm/Kconfig:52:config KVM\narch/x86/kvm/Kconfig-53-\ttristate \"Kernel-based Virtual Machine (KVM) support\"\n--\narch/x86/kvm/Kconfig-68-\narch/x86/kvm/Kconfig:69:config KVM_WERROR\narch/x86/kvm/Kconfig-70-\tbool \"Compile KVM with -Werror\"\n--\narch/x86/kvm/Kconfig-82-\narch/x86/kvm/Kconfig:83:config KVM_SW_PROTECTED_VM\narch/x86/kvm/Kconfig-84-\tbool \"Enable support for KVM software-protected VMs\"\n--\narch/x86/kvm/Kconfig-95-\narch/x86/kvm/Kconfig:96:config KVM_INTEL\narch/x86/kvm/Kconfig-97-\ttristate \"KVM for Intel (and 
compatible) processors support\"\n--\narch/x86/kvm/Kconfig-106-\narch/x86/kvm/Kconfig:107:config KVM_INTEL_PROVE_VE\narch/x86/kvm/Kconfig-108-        bool \"Check that guests do not receive #VE exceptions\"\n--\narch/x86/kvm/Kconfig=122=config X86_SGX_KVM\n--\narch/x86/kvm/Kconfig-133-\narch/x86/kvm/Kconfig:134:config KVM_INTEL_TDX\narch/x86/kvm/Kconfig-135-\tbool \"Intel Trust Domain Extensions (TDX) support\"\n--\narch/x86/kvm/Kconfig-145-\narch/x86/kvm/Kconfig:146:config KVM_AMD\narch/x86/kvm/Kconfig-147-\ttristate \"KVM for AMD processors support\"\n--\narch/x86/kvm/Kconfig-155-\narch/x86/kvm/Kconfig:156:config KVM_AMD_SEV\narch/x86/kvm/Kconfig-157-\tbool \"AMD Secure Encrypted Virtualization (SEV) support\"\n--\narch/x86/kvm/Kconfig-171-\narch/x86/kvm/Kconfig:172:config KVM_IOAPIC\narch/x86/kvm/Kconfig-173-\tbool \"I/O APIC, PIC, and PIT emulation\"\n--\narch/x86/kvm/Kconfig-181-\narch/x86/kvm/Kconfig:182:config KVM_SMM\narch/x86/kvm/Kconfig-183-\tbool \"System Management Mode emulation\"\n--\narch/x86/kvm/Kconfig-192-\narch/x86/kvm/Kconfig:193:config KVM_HYPERV\narch/x86/kvm/Kconfig-194-\tbool \"Support for Microsoft Hyper-V emulation\"\n--\narch/x86/kvm/Kconfig-206-\narch/x86/kvm/Kconfig:207:config KVM_XEN\narch/x86/kvm/Kconfig-208-\tbool \"Support for Xen hypercall interface\"\n--\narch/x86/kvm/Kconfig-215-\narch/x86/kvm/Kconfig:216:config KVM_PROVE_MMU\narch/x86/kvm/Kconfig-217-\tbool \"Prove KVM MMU correctness\"\n--\narch/x86/kvm/Kconfig-228-\narch/x86/kvm/Kconfig:229:config KVM_EXTERNAL_WRITE_TRACKING\narch/x86/kvm/Kconfig-230-\tbool\narch/x86/kvm/Kconfig-231-\narch/x86/kvm/Kconfig:232:config KVM_MAX_NR_VCPUS\narch/x86/kvm/Kconfig-233-\tint \"Maximum number of vCPUs per KVM guest\"\n--\nvirt/kvm/Kconfig-3-\nvirt/kvm/Kconfig:4:config KVM_COMMON\nvirt/kvm/Kconfig-5-       bool\n--\nvirt/kvm/Kconfig=39=config NEED_KVM_DIRTY_RING_WITH_BITMAP\n--\nvirt/kvm/Kconfig-42-\nvirt/kvm/Kconfig:43:config KVM_MMIO\nvirt/kvm/Kconfig-44-       
bool\nvirt/kvm/Kconfig-45-\nvirt/kvm/Kconfig:46:config KVM_ASYNC_PF\nvirt/kvm/Kconfig-47-       bool\n--\nvirt/kvm/Kconfig-49-# Toggle to switch between direct notification and batch job\nvirt/kvm/Kconfig:50:config KVM_ASYNC_PF_SYNC\nvirt/kvm/Kconfig-51-       bool\n--\nvirt/kvm/Kconfig=59=config HAVE_KVM_CPU_RELAX_INTERCEPT\n--\nvirt/kvm/Kconfig-61-\nvirt/kvm/Kconfig:62:config KVM_VFIO\nvirt/kvm/Kconfig-63-       bool\n--\nvirt/kvm/Kconfig=65=config HAVE_KVM_INVALID_WAKEUPS\n--\nvirt/kvm/Kconfig-67-\nvirt/kvm/Kconfig:68:config KVM_GENERIC_DIRTYLOG_READ_PROTECT\nvirt/kvm/Kconfig-69-       bool\nvirt/kvm/Kconfig-70-\nvirt/kvm/Kconfig:71:config KVM_GENERIC_PRE_FAULT_MEMORY\nvirt/kvm/Kconfig-72-       bool\nvirt/kvm/Kconfig-73-\nvirt/kvm/Kconfig:74:config KVM_COMPAT\nvirt/kvm/Kconfig-75-       def_bool y\n--\nvirt/kvm/Kconfig=91=config HAVE_KVM_PM_NOTIFIER\n--\nvirt/kvm/Kconfig-93-\nvirt/kvm/Kconfig:94:config KVM_GENERIC_HARDWARE_ENABLING\nvirt/kvm/Kconfig-95-       bool\nvirt/kvm/Kconfig-96-\nvirt/kvm/Kconfig:97:config KVM_ELIDE_TLB_FLUSH_IF_YOUNG\nvirt/kvm/Kconfig-98-       bool\nvirt/kvm/Kconfig-99-\nvirt/kvm/Kconfig:100:config KVM_MMU_LOCKLESS_AGING\nvirt/kvm/Kconfig-101-       bool\nvirt/kvm/Kconfig-102-\nvirt/kvm/Kconfig:103:config KVM_GENERIC_MEMORY_ATTRIBUTES\nvirt/kvm/Kconfig-104-       bool\nvirt/kvm/Kconfig-105-\nvirt/kvm/Kconfig:106:config KVM_GUEST_MEMFD\nvirt/kvm/Kconfig-107-       select XARRAY_MULTI\n"
}

9/2 2026/06/25 01:47 llm patch-evaluator
0m Model:
gemini-3.1-pro-preview

Args:
null

Results:
null

Tokens:
							input: 13824
							output: 18
							thoughts: 82
						

Thoughts:
**Investigating CPU Power Management on RISC-V**

Okay, so I'm looking at these configurations, `KVM` and `CPU_PM`. My initial thought is, "Wait, can we even enable `CPU_PM` on a RISC-V system?" I need to verify its availability. Right, I remember seeing `CPU_PM` in `kernel/power/Kconfig`. Excellent. Now, the real question is, "Is `CPU_PM` actually *selected* by anything within the RISC-V architecture?" I need to investigate that and confirm its presence.



10/2 2026/06/25 01:47 tool grepper
0m Args:
{
  "Expression": "select CPU_PM"
}

Results:
{
  "Output": "arch/arm/Kconfig=2=config ARM\n--\narch/arm/Kconfig-58-\tselect CLONE_BACKWARDS\narch/arm/Kconfig:59:\tselect CPU_PM if SUSPEND || CPU_IDLE\narch/arm/Kconfig-60-\tselect DCACHE_WORD_ACCESS if HAVE_EFFICIENT_UNALIGNED_ACCESS\n--\narch/arm/Kconfig=994=config BL_SWITCHER\n--\narch/arm/Kconfig-996-\tdepends on BIG_LITTLE \u0026\u0026 MCPM \u0026\u0026 HOTPLUG_CPU \u0026\u0026 ARM_GIC\narch/arm/Kconfig:997:\tselect CPU_PM\narch/arm/Kconfig-998-\thelp\n--\narch/arm64/Kconfig=2=config ARM64\n--\narch/arm64/Kconfig-111-\tselect COMMON_CLK\narch/arm64/Kconfig:112:\tselect CPU_PM if (SUSPEND || CPU_IDLE)\narch/arm64/Kconfig-113-\tselect CPUMASK_OFFSTACK if NR_CPUS \u003e 256\n--\narch/loongarch/Kconfig=2=config LOONGARCH\n--\narch/loongarch/Kconfig-87-\tselect COMMON_CLK\narch/loongarch/Kconfig:88:\tselect CPU_PM\narch/loongarch/Kconfig-89-\tselect EDAC_SUPPORT\n--\narch/mips/Kconfig=2=config MIPS\n--\narch/mips/Kconfig-35-\tselect CPU_NO_EFFICIENT_FFS if (TARGET_ISA_REV \u003c 1)\narch/mips/Kconfig:36:\tselect CPU_PM if CPU_IDLE || SUSPEND\narch/mips/Kconfig-37-\tselect GENERIC_ATOMIC64 if !64BIT\n--\narch/riscv/Kconfig=13=config RISCV\n--\narch/riscv/Kconfig-98-\tselect CPU_NO_EFFICIENT_FFS if !RISCV_ISA_ZBB\narch/riscv/Kconfig:99:\tselect CPU_PM if CPU_IDLE || HIBERNATION || SUSPEND\narch/riscv/Kconfig-100-\tselect DYNAMIC_FTRACE if FUNCTION_TRACER\n"
}

11/2 2026/06/25 01:47 llm patch-evaluator
0m Model:
gemini-3.1-pro-preview

Args:
null

Results:
null

Tokens:
							input: 14621
							output: 18
							thoughts: 338
						

Thoughts:
**Analyzing the RISC-V KVM AIA Patch for Fuzzing Opportunities**

Okay, so the patch is definitely touching `CPU_PM` on the RISC-V architecture. It's automatically selected if `CPU_IDLE`, `HIBERNATION`, or `SUSPEND` are enabled, meaning it's available and *used* within this context. That's a good starting point.

This looks like a functional patch; it modifies RISC-V KVM AIA support, specifically introducing a CPU PM notifier. The changes center around `kvm_riscv_aia_enable` and `kvm_riscv_aia_disable`, where boolean parameters now dictate either a full cleanup or a lightweight CSR save/restore. This screams potential for fuzzing. We have clear functions to target.

My focus should be on fuzzing these functions specifically: `kvm_riscv_aia_enable`, `kvm_riscv_aia_disable`, and also the new `kvm_riscv_cpu_pm_notifier`.

For configuration, I'll need `KVM` and `CPU_PM` enabled. Since `RISCV` is implied, I'm good there. However, since `CPU_PM` is selected, not prompted, by `CPU_IDLE`, `HIBERNATION`, or `SUSPEND`, I might need to make sure one of those is enabled to get it. I'll take a quick look at `kernel/power/Kconfig` to be sure. I may need to specifically enable `CPU_IDLE` or `SUSPEND` to ensure `CPU_PM` is active.



12/2 2026/06/25 01:47 tool grepper
0m Args:
{
  "Expression": "config CPU_PM"
}

Results:
{
  "Output": "arch/csky/Kconfig=232=choice\n--\narch/csky/Kconfig-237-\narch/csky/Kconfig:238:config CPU_PMU_NONE\narch/csky/Kconfig-239-\tbool \"None\"\n--\narch/csky/Kconfig=246=choice\n--\narch/csky/Kconfig-249-\narch/csky/Kconfig:250:config CPU_PM_NONE\narch/csky/Kconfig-251-\tbool \"None\"\narch/csky/Kconfig-252-\narch/csky/Kconfig:253:config CPU_PM_WAIT\narch/csky/Kconfig-254-\tbool \"wait\"\narch/csky/Kconfig-255-\narch/csky/Kconfig:256:config CPU_PM_DOZE\narch/csky/Kconfig-257-\tbool \"doze\"\narch/csky/Kconfig-258-\narch/csky/Kconfig:259:config CPU_PM_STOP\narch/csky/Kconfig-260-\tbool \"stop\"\n--\nkernel/power/Kconfig=385=config PM_GENERIC_DOMAINS_OF\n--\nkernel/power/Kconfig-388-\nkernel/power/Kconfig:389:config CPU_PM\nkernel/power/Kconfig-390-\tbool\n"
}

13/2 2026/06/25 01:47 llm patch-evaluator
0m Model:
gemini-3.1-pro-preview

Args:
null

Results:
null

Tokens:
							input: 15693
							output: 17
							thoughts: 64
						

Thoughts:
**My Enabling Logic for CPU Power Management**

Okay, so `CPU_PM` is one of those that's *only* brought in by a `select` statement – it doesn't get a direct prompt of its own. That means if I want to actually *use* it, I need to make sure something that selects it is enabled. Right, makes sense.

So, how do I go about that? Well, looking at it, it seems that either `SUSPEND` or `CPU_IDLE` should do the trick. Since I am dealing with configuration, I need to ensure that either of them is available within the `EnableConfigs`. That way, the dependency for `CPU_PM` is met, and I can be sure I'm getting the power management features I want. Now to dig into `SUSPEND` and `CPU_IDLE` to confirm they are suitable.



14/2 2026/06/25 01:47 tool grepper
0m Args:
{
  "Expression": "config SUSPEND"
}

Results:
{
  "Output": "kernel/power/Kconfig-1-# SPDX-License-Identifier: GPL-2.0-only\nkernel/power/Kconfig:2:config SUSPEND\nkernel/power/Kconfig-3-\tbool \"Suspend to RAM and standby\"\n--\nkernel/power/Kconfig-10-\nkernel/power/Kconfig:11:config SUSPEND_FREEZER\nkernel/power/Kconfig-12-\tbool \"Enable freezer for suspend to RAM/standby\" \\\n--\nkernel/power/Kconfig-21-\nkernel/power/Kconfig:22:config SUSPEND_SKIP_SYNC\nkernel/power/Kconfig-23-\tbool \"Skip kernel's sys_sync() on suspend to RAM/standby\"\n"
}

15/2 2026/06/25 01:47 llm patch-evaluator
0m Model:
gemini-3.1-pro-preview

Args:
null

Results:
null

Tokens:
							input: 16146
							output: 19
							thoughts: 25
						

Thoughts:
Okay, here's my interpretation of those thoughts, tailored for an expert audience, presented in the first person:

**Checking Which Kconfig Options Can Be Listed**

Right, so I'm working out which Kconfig options I can actually name in the enable list. First, `SUSPEND`: since it has a prompt associated with it, it can be set directly, so we should be able to list it. Now, since `CPU_PM` on RISC-V is also selected through CPU idle support, let's pivot and take a look at `CPU_IDLE` and check whether it has a prompt as well.



16/2 2026/06/25 01:47 tool grepper
0m Args:
{
  "Expression": "config CPU_IDLE"
}

Results:
{
  "Output": "drivers/cpuidle/Kconfig=2=menu \"CPU Idle\"\ndrivers/cpuidle/Kconfig-3-\ndrivers/cpuidle/Kconfig:4:config CPU_IDLE\ndrivers/cpuidle/Kconfig-5-\tbool \"CPU idle PM support\"\n--\ndrivers/cpuidle/Kconfig=16=if CPU_IDLE\ndrivers/cpuidle/Kconfig-17-\ndrivers/cpuidle/Kconfig:18:config CPU_IDLE_MULTIPLE_DRIVERS\ndrivers/cpuidle/Kconfig-19-\tbool\ndrivers/cpuidle/Kconfig-20-\ndrivers/cpuidle/Kconfig:21:config CPU_IDLE_GOV_LADDER\ndrivers/cpuidle/Kconfig-22-\tbool \"Ladder governor (for periodic timer tick)\"\ndrivers/cpuidle/Kconfig-23-\ndrivers/cpuidle/Kconfig:24:config CPU_IDLE_GOV_MENU\ndrivers/cpuidle/Kconfig-25-\tbool \"Menu governor (for tickless system)\"\ndrivers/cpuidle/Kconfig-26-\ndrivers/cpuidle/Kconfig:27:config CPU_IDLE_GOV_TEO\ndrivers/cpuidle/Kconfig-28-\tbool \"Timer events oriented (TEO) governor (for tickless systems)\"\n--\ndrivers/cpuidle/Kconfig-35-\ndrivers/cpuidle/Kconfig:36:config CPU_IDLE_GOV_HALTPOLL\ndrivers/cpuidle/Kconfig-37-\tbool \"Haltpoll governor (for virtualized systems)\"\n--\ndrivers/thermal/Kconfig=187=config CPU_FREQ_THERMAL\n--\ndrivers/thermal/Kconfig-197-\ndrivers/thermal/Kconfig:198:config CPU_IDLE_THERMAL\ndrivers/thermal/Kconfig-199-\tbool \"CPU idle cooling device\"\n"
}

17/2 2026/06/25 01:47 llm patch-evaluator
0m Model:
gemini-3.1-pro-preview

Args:
null

Results:
null

Tokens:
							input: 16827
							output: 176
							thoughts: 274
						

Thoughts:
**My Assessment of the RISC-V KVM Patch**

Okay, so `CPU_IDLE` has a prompt, which makes it a valid config option that can be listed directly, and on RISC-V it is one of the options that selects `CPU_PM`. I need to make sure `KVM`, `SUSPEND`, and `CPU_IDLE` are all enabled to properly assess this.

Wait, it also touches `kvm_arch_enable_virtualization_cpu` and `kvm_arch_disable_virtualization_cpu`. That's interesting; those functions are called during KVM initialization and CPU hotplug operations. So, the key here is likely fuzzing the KVM functionality on RISC-V. That's where the interesting stuff is.

Here's my distilled understanding:

*   **WorthFuzzing**: Absolutely. This is touching crucial KVM and power management code.
*   **Focus Symbols**: I'm going to put my focus on these:
    *   `kvm_riscv_aia_enable`
    *   `kvm_riscv_aia_disable`
    *   `kvm_riscv_cpu_pm_notifier`

*   **EnableConfigs**: I'll make sure these are enabled during testing:
    *   `KVM`
    *   `SUSPEND`
    *   `CPU_IDLE`

**Reasoning:**

The patch modifies the RISC-V KVM AIA support to handle CPU non-retention idle states. The core of this seems to be the addition of a CPU PM notifier. That notifier is critical as it triggers calls to `kvm_riscv_aia_enable` and `kvm_riscv_aia_disable` with a new `full_cleanup` boolean argument, which is vital for this functionality. This all looks like fundamental kernel logic that's reachable during CPU power management events and KVM initialization or teardown. This area needs serious attention. I'll need to figure out what scenarios result in the CPU entering and leaving a non-retention idle state to construct suitable fuzzing test cases.



18/2 2026/06/25 01:47 tool set-results
0m Args:
{
  "EnableConfigs": [
    "KVM",
    "SUSPEND",
    "CPU_IDLE"
  ],
  "FocusSymbols": [
    "kvm_riscv_aia_enable",
    "kvm_riscv_aia_disable",
    "kvm_riscv_cpu_pm_notifier"
  ],
  "Reasoning": "The patch modifies the RISC-V KVM AIA (Advanced Interrupt Architecture) support to handle CPU non-retention idle states. It introduces a CPU PM notifier that calls `kvm_riscv_aia_enable` and `kvm_riscv_aia_disable` with a new `full_cleanup` boolean parameter. This is functional core kernel logic that is reachable during CPU power management events and KVM initialization/teardown.",
  "WorthFuzzing": true
}

Results:
{
  "EnableConfigs": [
    "KVM",
    "SUSPEND",
    "CPU_IDLE"
  ],
  "FocusSymbols": [
    "kvm_riscv_aia_enable",
    "kvm_riscv_aia_disable",
    "kvm_riscv_cpu_pm_notifier"
  ],
  "Reasoning": "The patch modifies the RISC-V KVM AIA (Advanced Interrupt Architecture) support to handle CPU non-retention idle states. It introduces a CPU PM notifier that calls `kvm_riscv_aia_enable` and `kvm_riscv_aia_disable` with a new `full_cleanup` boolean parameter. This is functional core kernel logic that is reachable during CPU power management events and KVM initialization/teardown.",
  "WorthFuzzing": true
}
